Experiences with "advanced" network taps.
We are planning on purchasing some network taps for a couple of locations in our network, and we expect to make significantly greater use of them in the next year or two.

Something that is new since I last investigated taps (it has been a while) is that many of them now allow for functionality I would typically think of as far outside what a simple tap does. For example:

- Selective forwarding of packets based on MAC address, TCP/UDP port, IP address range etc.
- Selective forwarding/load balancing based on flow, so that you can distribute traffic across a cluster of devices (e.g. IDS or netflow probes).
- Ability to insert a device (firewall, IDS, etc) into the network flow and via software configuration bypass traffic around the device, e.g. able to quickly drop a device out of the network path.
  - Some have the ability to send network probes, or monitor traffic downstream of an inline device so they can automatically take the device out of line if it fails to pass traffic.
  - Some can filter which traffic goes through the inline device and merge it back with the traffic that was not sent to the inline device for downstream consumption.
- Some can be connected and automatically be managed as if one device, allowing monitor and replication ports to be used across the stack/mesh of devices.

All of this is very interesting. Of course these taps cost more than your basic dumb tap.

More interestingly to me is that these taps are no longer dumb, and that makes them a bit of a riskier proposition. In evaluating some we have run into issues ranging from misconfiguration/user error to what appear to be crashes (with associated loss of forwarding).

I'm wondering if anyone has had significant experience deploying these more advanced taps, whether it was good or bad, general comments you might like to share regarding them, and whether you would recommend particular vendors.

If people reply off-list, I will make a point of summarizing back if I get any feedback.

Thanks!

--D
-- Darren Bolding -- darren@bolding.org
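The flow-based load balancing and MAC/IP/port filtering described in the post above, as an added example that is not part of the original thread and not code from any tap vendor: a small Python model of how an "advanced" tap decides which sensor in an IDS cluster receives a packet. The packets, the CIDR/port rule, the MAC addresses and the sensor count are all constructed for illustration. The detail worth checking on a real tap is the direction-independent flow key: hashing the raw (src, dst) tuple would send the two halves of a TCP session to different sensors, and a stateful IDS that sees only one direction cannot reassemble the stream.

```python
"""Model of a filtering, flow-hashing tap.

Added illustration for the thread above; not vendor code.  All packets and
rules below are constructed inline so the module runs offline.
"""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int        # 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class FilterRule:
    """Selective-forwarding rule.

    Each populated criterion must be satisfied by at least one endpoint of
    the packet (src or dst); an empty criterion imposes no constraint.
    """
    networks: Tuple[str, ...] = ()             # CIDR strings
    ports: FrozenSet[int] = frozenset()
    macs: FrozenSet[str] = frozenset()         # lower-case colon-separated

    def matches(self, pkt: Packet) -> bool:
        src = ipaddress.ip_address(pkt.src_ip)
        dst = ipaddress.ip_address(pkt.dst_ip)
        if self.networks and not any(
                src in ipaddress.ip_network(n) or dst in ipaddress.ip_network(n)
                for n in self.networks):
            return False
        if self.ports and not ({pkt.src_port, pkt.dst_port} & self.ports):
            return False
        if self.macs and not ({pkt.src_mac.lower(), pkt.dst_mac.lower()} & self.macs):
            return False
        return True


def flow_key(pkt: Packet) -> tuple:
    """Direction-independent 5-tuple.

    The two endpoints are sorted, so A->B and B->A produce the same key and
    both halves of a session land on the same sensor.
    """
    ends = sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])
    return (pkt.proto, ends[0], ends[1])


def choose_sensor(pkt: Packet, n_sensors: int) -> int:
    """Hash the symmetric flow key onto a sensor index in [0, n_sensors)."""
    if n_sensors < 1:
        raise ValueError("need at least one sensor")
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_sensors


def route(pkt: Packet, rule: FilterRule, n_sensors: int) -> Optional[int]:
    """Filter first, then balance; None means the packet is not replicated."""
    if not rule.matches(pkt):
        return None
    return choose_sensor(pkt, n_sensors)


# Constructed sample traffic (hypothetical addresses).
RULE = FilterRule(networks=("10.0.0.0/8",), ports=frozenset({80, 443}))
CLIENT_MAC, SERVER_MAC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
HTTPS_FWD = Packet(CLIENT_MAC, SERVER_MAC, "10.1.2.3", "192.0.2.10", 6, 51234, 443)
HTTPS_REV = Packet(SERVER_MAC, CLIENT_MAC, "192.0.2.10", "10.1.2.3", 6, 443, 51234)
DNS_QUERY = Packet(CLIENT_MAC, SERVER_MAC, "10.1.2.3", "10.0.0.53", 17, 4000, 53)


def demo(n_sensors: int = 4) -> dict:
    """Route the constructed packets through a cluster of n_sensors sensors."""
    return {
        "https_fwd": route(HTTPS_FWD, RULE, n_sensors),
        "https_rev": route(HTTPS_REV, RULE, n_sensors),
        "dns": route(DNS_QUERY, RULE, n_sensors),   # port 53 not in rule -> None
    }


if __name__ == "__main__":
    print(demo())
```

Both directions of the HTTPS session resolve to the same sensor index, while the DNS query is dropped by the port filter before any hashing happens. On a real device the equivalent settings are usually called something like "symmetric" or "bidirectional" hashing; verifying that the forward and reverse halves of a test connection arrive at the same sensor is a cheap acceptance check before relying on the cluster for detection.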
Look at NetOptics Directors or the VSS 4x24. I've deployed several.

On Mon, May 23, 2011 at 8:34 PM, Darren Bolding <darren@bolding.org> wrote:
-- Jason
participants (2): Darren Bolding, Jason Biel